Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 18153 - Format string bug in ucd-snmp
Format string bug in ucd-snmp
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: ucd-snmp (Show other bugs)
7.0
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Crutcher Dunnavant
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-02 19:04 EDT by Chris Evans
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-10-03 13:56:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Chris Evans 2000-10-02 19:04:39 EDT 
Not particularly severe for various reasons;
- I'm not sure if you ship with syslogging enabled by default
- Even if you did, it might not be exploitable
- And you don't listen on the snmp network port by default anyway.

Still,
If we look at
ucd-snmp-4.1.2/snmplib/snmp_logging.c: snmp_log_string():
...
#if HAVE_SYSLOG_H
  if (do_syslogging) {
    syslog(priority, string);
  }
#endif
...
That syslog() call is mising "%s" as a second argument. Classic format
string bug.
Probably best to patch for the next release, but I doubt it warrants an
update unless you _do_ enable syslogging by default.
Check it out and update this bug if syslogged is enabled by default.
Comment 1 Daniel Roesen 2000-10-03 13:56:13 EDT 
I think this is serious, even if default config is not exploitable.
Comment 2 Jeff Johnson 2000-10-12 11:22:08 EDT 
Fixed in ucd-snmp-4.1.2-9.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.